Dynamic Friction and the Fight against Account Takeover

Dynamic Friction and the Fight against Account Takeover

November 21, 2019

Consumers are expecting seamless online experiences, but how can businesses deliver on that expectation while still protecting against fraud and not treating customers and fraudsters alike? Enter Dynamic Friction: the optimal application of friction to user journeys based on behavioral and situational attributes, so protection against fraud doesn’t result in customer insult for legitimate users. It’s the latest evolution of Digital Trust & Safety, the fraud prevention methodology that strategically aligns risk and revenue decisions and is powered by processes and technology. But how is Dynamic Friction applied? Let’s take a look.

Sift Theme Month Article 3 Infographic

The above image illustrates a user journey, from account login to checkout. As a user moves through the journey, each interaction is evaluated for risk. If the level of risk hits a certain threshold, additional verification is applied. If the interactions are deemed trustworthy, the additional verification is removed, giving the user a more streamlined experience.

This method of dynamically applying friction to the user journey stands apart from legacy solutions, which apply friction in the same way to all users, even at the risk of alienating good users and causing false positives. Additionally, legacy solutions only look at one specific event in the user journey, while Dynamic Friction considers the user journey holistically, from end to end.

Use Case: Dynamic Friction and Account Takeover

While Dynamic Friction can be applied to every point in a user’s journey, let’s look at it through the lens of account takeover (ATO). Account takeover is a rapidly growing, industry-agnostic problem. The issue has become so ubiquitous that it’s likely either your business or one that you’re familiar with has been the victim of a successful or attempted ATO attack. According to the Sift 2017 Fraud-Fighting Trends Report, 48 percent of online businesses experienced an increase in ATO in 2016. For businesses, the need to protect against this threat has never been stronger.

One effective way to combat ATO is to apply additional verification to login events by introducing multi-factor authentication (MFA), biometric verification, and other authentication methods. But many businesses shy away from these verification methods because they introduce friction, which creates pain points for users. The thought of introducing speed bumps into the user experience seems counterproductive and the fastest way to send a customer right to the competition. While there is some truth to that belief, it mainly applies to the indiscriminate application of friction—which Dynamic Friction eliminates.

Historically, businesses have relied on a one-size-fits-all approach that doesn’t differentiate between known, trusted users and fraudsters, delivering identical experiences to both groups. From CAPTCHAs to other clunky security features, these methods deliver poor customer experiences, while fraud teams find themselves playing a never-ending game of catch-up to accommodate for fraudsters’ ever-evolving tactics and strategies.

For businesses to remain competitive, they must embrace the smarter, more streamlined approach to combating ATO: introducing MFA, and thoughtfully applying it via Dynamic Friction.

MFA and Dynamic Friction: a smarter, more efficient approach to authentication

No matter the vertical your business is in, MFA is one of the strongest methods for securing user accounts because fraudsters don’t often have access to the additional factor required to authenticate.

Sift Theme Month Article 3 Infographic B

Microsoft and Google are strong proponents of MFA: according to Microsoft, users that enable MFA for their accounts will block 99.9 percent of ATO attempts, while Google found that device-based challenges have high rates of success in blocking attacks. On-device prompts—a more secure alternative to SMS verification—block 100 percent of automated bots, 99 percent of bulk phishing attacks, and 90 percent of targeted attacks.

The data is clear: MFA is significantly more effective at securing accounts and stopping ATO attempts than passwords alone. So why aren’t more businesses adopting this method of fraud prevention?

The Fear of Friction

Smart businesses worry about creating negative customer experiences in an environment where customer expectations for convenience are increasing, from one-click checkout to instant delivery, to on-demand services. Churn and reduced engagement are often big concerns—will my customers go to a competitor if they feel inconvenienced? Do they feel as though they’re being treated as fraudsters rather than trusted, legitimate users—guilty until proven innocent?

With Dynamic Friction, inconvenience and customer insult are no longer the foregone conclusions of introducing MFA. When you apply friction in a smart and strategic way, good users aren’t caught in the net of the indiscriminate application of roadblocks and authentication. Introducing Dynamic Friction into your fraud prevention process is one step on your journey towards a full Digital Trust & Safety transformation—because Dynamic Friction is an application of the Digital Trust & Safety methodology.

The time to implement Dynamic Friction is now

If you want to learn more about how to introduce Dynamic Friction into customer journeys to create more positive user experiences, download our ebook, Dynamic Friction: Delivering the Right Experiences at the Right Time.

Previous-Article-CNP  Next-Article-CNP

New call-to-action

 

 

  • Share this Article:
Author